{"id":"DEBIAN-CVE-2008-0891","details":"Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet.  NOTE: some of these details are obtained from third party information.","modified":"2026-04-28T20:12:03.495007Z","published":"2008-05-29T16:32:00Z","upstream":["CVE-2008-0891"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2008-0891"}],"affected":[{"package":{"name":"openssl","ecosystem":"Debian:11","purl":"pkg:deb/debian/openssl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.8g-10.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-0891.json"}},{"package":{"name":"openssl","ecosystem":"Debian:12","purl":"pkg:deb/debian/openssl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.8g-10.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-0891.json"}},{"package":{"name":"openssl","ecosystem":"Debian:13","purl":"pkg:deb/debian/openssl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.8g-10.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-0891.json"}},{"package":{"name":"openssl","ecosystem":"Debian:14","purl":"pkg:deb/debian/openssl?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.8g-10.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2008-0891.json"}}],"schema_version":"1.7.5"}